
Top 6 emerging cybersecurity and risk management trends: Gartner

One of the main security objectives of every organization is to protect the confidentiality of information. Organizations must consider IT security and IT risk management as part of executive business planning. According to Gartner, IT security objectives must be defined for the organization as a whole.

The analyst firm identified emerging trends in cybersecurity and risk management that security leaders should harness to enhance the resilience of their organizations while elevating their own position.

Top cybersecurity and risk management trends:

1. Business leaders realizing the importance of cybersecurity for successful business

Senior business executives rarely considered IT security a board-level topic or a key part of digital business strategy. But recent major cyberattacks like WannaCry and NotPetya, which caused financial and brand damage and customer churn for organizations, have changed the sentiment of business leaders.

They are finally becoming aware of the impact of cybersecurity on achieving business goals and protecting the reputation of the organization.

2. Mandatory data protection practices impacting digital business plans

Personal information of customers is the lifeblood of all digital businesses. But, in the US alone, the number of companies that faced data breaches grew from nearly 100 in 2008 to over 600 in 2016.

With the rise in the number of data breach incidents like the Cambridge Analytica scandal or the Equifax breach, governments are issuing regulatory and legal data protection practices like Europe’s GDPR. These practices impact digital business plans and demand more emphasis on data liabilities.

3. Cloud-first services becoming the norm with the advent of modern technologies

Modern technologies that require large amounts of data are driving the adoption of cloud-delivered security products. These products provide more agile and adaptive solutions and can use the data in near real time.

4. Machine learning to solve security issues

As per Gartner, machine learning will become a normal part of security solutions by 2025.

ML can efficiently address a number of security issues like adaptive authentication, insider threats, malware and advanced attackers.

5. New geopolitical risks in software and infrastructure buying decisions

Gartner identified that software and infrastructure buying decisions are based on the geopolitical considerations of partners, suppliers, and jurisdictions. The trend is driven by rising levels of cyber political interference, cyber warfare and government demands for backdoor access to software and services.

6. Centralized networks increasing security risks

While centralized networks have numerous benefits, they are seriously threatening organizational goals. Gartner said that if a centralized ecosystem significantly affects the organization, then a decentralized architecture should be considered.


Gartner will discuss these trends at the Gartner Security & Risk Management Summit.


Cryptojacking becoming a serious emerging threat to businesses: Cloud Security Trends report

Around 25% of organizations experienced cryptojacking activities in their cloud environment in 2018, up from just 8% in the last quarter, according to the Cloud Security Trends report by RedLock.

RedLock’s Cloud Security Intelligence (CSI) team published the report to shed light on the cloud security trends in 2018.

  • Cryptojacking becoming mainstream

The report highlighted that cryptojacking, a cyberattack in which hackers hijack the processing power of a target to mine cryptocurrency, is becoming a serious emerging threat to businesses.

Organizations are aware of attacks against the cloud and use several practices to prevent them, but the attack vectors are still on the rise. Cryptojacking increased more than threefold this year.

Cryptocurrency mining requires a lot of computing power, so attackers are stealing cloud computing resources to mine it. The CSI team found that some attackers were using advanced evasion techniques for cryptojacking.

  • Majority of resources do not restrict outbound traffic

85% of the organizational resources related to security groups didn’t have any firewall restrictions on outbound traffic, up from 80% a year before. This could lead to accidental data loss and data exfiltration in data breach incidents.

RedLock suggested that organizations implement a ‘deny all’ default firewall policy, monitor network traffic to identify suspicious activities, and monitor user activity for any abnormal behavior.

  • 43% of access keys not rotated in the last 90 days

Another key finding of the report was that 43% of organizations had not changed their access keys and credentials in the last 90 days. It’s a big concern because, despite past issues like leaked credentials in GitHub repositories, a majority of organizations left themselves open to attack vectors.

Around 17% of organizations suffered from potential account compromises, and 51% of organizations publicly exposed one or more cloud storage services.

  • 20% of organizations allowing root user activities

A positive finding of the report was that only 20% of organizations allowed the root user account to be used for performing activities, down from 73% last year. Root user accounts should not be used for regular operations. Multi-factor authentication should be enforced on root user accounts, and they should be monitored for any suspicious behavior.

  • 49% of databases not encrypted

With the growing trend to encrypt databases because of cybersecurity standards like GDPR (General Data Protection Regulation), database encryption has increased. Last year, 82% of databases were found unencrypted, which has now decreased to 49%.

The CSI team further revealed in the report that 24% of organizations had hosts missing critical patches in the public cloud. This left the hosts vulnerable to suspicious traffic from the internet.
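The configuration findings above (unrestricted outbound rules, access keys older than 90 days, root account use without MFA, unencrypted databases) can be checked mechanically. The following is an added example, not code from RedLock or the report: it audits a constructed, vendor-neutral inventory whose field names are hypothetical, and the 90-day window applied to root account use is an assumption.

```python
from datetime import datetime, timedelta, timezone

MAX_KEY_AGE = timedelta(days=90)      # rotation window cited in the report
ROOT_USE_WINDOW = timedelta(days=90)  # assumption: "recent" root use = last 90 days
ANY_ADDRESS = ("0.0.0.0/0", "::/0")

def unrestricted_egress(group):
    """True if any egress rule allows every protocol to any address."""
    return any(r["protocol"] == "all" and r["cidr"] in ANY_ADDRESS
               for r in group["egress"])

def audit(inventory, now):
    """Return sorted (check, resource) findings for an inventory dict."""
    findings = []
    for g in inventory["security_groups"]:
        if unrestricted_egress(g):
            findings.append(("egress-unrestricted", g["id"]))
    for k in inventory["access_keys"]:
        # Inactive keys cannot authenticate, so only active ones are flagged.
        if k["active"] and now - k["created"] > MAX_KEY_AGE:
            findings.append(("key-not-rotated", k["id"]))
    root = inventory["root_account"]
    if not root["mfa_enabled"]:
        findings.append(("root-no-mfa", "root"))
    if root["last_used"] and now - root["last_used"] <= ROOT_USE_WINDOW:
        findings.append(("root-recently-used", "root"))
    for db in inventory["databases"]:
        if not db["encrypted"]:
            findings.append(("db-unencrypted", db["id"]))
    return sorted(findings)

# Constructed sample inventory (hypothetical schema, not a cloud provider API).
NOW = datetime(2018, 6, 1, tzinfo=timezone.utc)
SAMPLE = {
    "security_groups": [
        {"id": "sg-web", "egress": [{"protocol": "all", "cidr": "0.0.0.0/0"}]},
        {"id": "sg-db", "egress": [{"protocol": "tcp", "cidr": "10.0.0.0/16"}]},
    ],
    "access_keys": [
        {"id": "key-ci", "active": True, "created": NOW - timedelta(days=200)},
        {"id": "key-app", "active": True, "created": NOW - timedelta(days=30)},
        {"id": "key-old", "active": False, "created": NOW - timedelta(days=400)},
    ],
    "root_account": {"mfa_enabled": False, "last_used": NOW - timedelta(days=3)},
    "databases": [{"id": "db-orders", "encrypted": False},
                  {"id": "db-logs", "encrypted": True}],
}

if __name__ == "__main__":
    for check, resource in audit(SAMPLE, NOW):
        print(f"{check:22} {resource}")
```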


“We understand why there might be fatigue with endless reports on IT infrastructures that lack adequate security, and there are signs that corporations are stepping up initiatives to minimize vulnerabilities, but there’s definitely more to do,” said Gaurav Kumar, CTO of RedLock and head of the CSI team. “That’s why this report not only shines a light on emerging dangers but also offers concrete advice on how best to ward off attacks. Cloud computing environments bring tremendous flexibility and great economies of scale, but those advantages are meaningless without top-level security. This is a constant and shared responsibility.”


“IT managers can’t tell you how 45% of their bandwidth is consumed”: Dirty Secrets of Network Firewalls report

One in four IT managers could not identify around 70% of network traffic, revealed a new report, “The Dirty Secrets of Network Firewalls”. On average, 45% of network traffic was going unidentified.

The report is the result of a survey of 2,700 IT decision makers across ten countries by Sophos, a leading network and endpoint security provider.

The most crucial finding of the survey was that most firewalls were failing to do their job adequately. Organizations lacked visibility into network traffic. Since it was not visible, it could not be controlled.

Dirty Secrets of Network Firewalls

  • 84% of IT pros concerned about security due to lack of visibility into network traffic

84% of the respondents agreed that lack of application visibility was a serious security concern for their business and could impact effective network management. It could result in ransomware, malware, data breaches and other advanced threats.

The increased use of encryption, browser emulation, and advanced evasion techniques were the factors that impacted the ability of network firewalls to provide adequate visibility into application traffic.

  • Organizations spent an average of seven working days per month remediating infected machines

According to the report, small enterprises spent an average of five working days to remediate 13 machines per month. Large enterprises, on the other hand, spent an average of ten working days to remediate 20 machines per month.

Overall, on average, organizations spent around seven working days to remediate 16 infected machines per month.

Organizations were looking for an integrated network and endpoint security solution that could halt the threats. 99% of IT managers wanted a firewall technology that can automatically isolate infected computers.

79% of the IT managers wanted better protection from their current firewall, while 97% expected firewall protection from the same vendor which allowed direct sharing of security status information.

  • Other risks to businesses due to lack of visibility into network traffic

Beyond the security risks, the lack of visibility concerned organizations in other respects as well.

52% of IT managers said that lack of network visibility negatively impacted business productivity. They could not prioritize bandwidth for critical applications.

“For industries that rely on custom software to meet specific business needs, an inability to prioritize these mission critical applications over less important traffic could be costly,” the Sophos report revealed.

50% of the respondents who invested in custom applications were unable to identify the traffic, which significantly impacted the return on investment.

  • Key findings of “The Dirty Secrets of Network Firewalls” survey:
  1. An average of 45% of network traffic was going unidentified, and hence couldn’t be controlled.
  2. 84% of organizations were concerned about security.
  3. 53% of organizations were concerned about productivity.
  4. 79% of IT pros wanted better protection from their current firewall.
  5. Organizations dealt with 10-20 infections per month.

The survey was conducted in October and November 2017, with IT decision makers interviewed in ten countries: the US, Canada, Mexico, France, Germany, UK, Australia, Japan, India, and South Africa.


48 million social media records exposed publicly in misconfigured cloud instance 

LocalBlox, a data search service provider that automatically crawls, discovers, extracts, indexes, maps and augments data in a variety of formats from the web and from exchange networks, was found to have exposed around 48 million records of personal information gathered from multiple sources, including social media platforms like Facebook, LinkedIn, and Twitter.

Discovered by the security firm UpGuard, the data was exposed via a misconfigured Amazon Web Services S3 storage instance.

The exposed data included names, physical addresses, dates of birth, personal internet usage like LinkedIn and Facebook histories, as well as Twitter feeds.

As UpGuard explained in a blog post, the exposed data “begins to build a three-dimensional picture of every individual affected— who they are, what they talk about, what they like, even what they do for a living— in essence a blueprint from which to create targeted persuasive content, like advertising or political campaigning.”

The UpGuard Cyber Risk Team discovered the exposed data on 18th February when they found an AWS S3 bucket located at the subdomain “lbdumps”. This bucket contained a 151.3 GB compressed file, which was publicly downloadable and configured for access via the internet.

The file, named “final_people_data_2017_5_26_48m.json”, contained 48 million records in JSON format, separated by new lines. Metadata in a header file revealed LocalBlox as the owner of the file.

“The database appears to work by tracking an IP address, matching collected data to that IP address when able, and thus providing a clearer image of the behavior and background of the user at that IP address,” wrote UpGuard.

The personal data of individuals could have been held by unknown third parties to monetize the information. It could have been used illegitimately for social engineering scams like phishing.

The UpGuard Cyber Risk Team notified LocalBlox about the exposure on 28th February, and the file was secured later that day.